All four US carriers, including Verizon, AT&T, Sprint, and T-Mobile, have introduced a new security platform called Project Verify that wants to put all of your two-factor authentication and log-in needs into their hands. It’s still really just an early demo and isn’t planned to launch until next year, but we still have some details to look at while they put the finishing touches on everything.
Essentially, Project Verify would allow apps and websites to perform a detailed second look over who you say you are with your phone. Since it works on all the major carriers, that means apps would be able to really verify it’s you based on your phone number, phone account, SIM card details, and more. It’s really thorough and would be pretty difficult to spoof, which is great for account security.
On the other hand, though, I don’t want AT&T handling my passwords and security, and I wouldn’t blame you for not wanting your carrier of choice dealing with that stuff, either. They’re all notoriously bad at keeping anything secure, and they intentionally leak and sell information to make money. Just Google some horror stories of fraudulent account purchases on any of the aforementioned carriers and you’ll have reading material for weeks. The carriers suck at validating users.
AT&T has actually gone on record saying they’re intentionally keeping all of this information out of a central database to prevent malicious attacks or intentionally try to keep customers stuck on one particular carrier, which may or may not be true. The project has also asked developers to reach out so they can implement early versions of Project Verify to get the platform off the ground before its actual launch.
Personally? I’m staying way the hell away from this.
source: Ars Technica